Planet MySQL Planet MySQL: Meta Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 10 of 11 1 Older Entries

Displaying posts with tag: auditing (reset)

MySQL Syslog Audit Plugin
Employee_Team +4 Vote Up -0Vote Down

This post shows the construction process of the Syslog Audit plugin that was presented at MySQL Connect 2012. It is based on an environment that has the appropriate development tools enabled including gcc,g++ and cmake. It also assumes you have downloaded the MySQL source code (5.5.16 or higher) and have compiled and installed the system into the /usr/local/mysql directory ready for use. 

The information provided below is designed to show the different components that make up a plugin, and specifically an audit type plugin, and how it comes together to be used within the MySQL service. The MySQL Reference Manual contains information regarding the plugin API and how it can be used, so please refer

  [Read more...]
New in MySQL Enterprise Edition: Policy-based Auditing!
Employee_Team +3 Vote Up -0Vote Down
Normal 0 false false false EN-US X-NONE X-NONE Normal 0 false false false EN-US X-NONE X-NONE  [Read more...]
Speaking at MySQL Connect 2012
Employee_Team +5 Vote Up -0Vote Down

At the end of September, the MySQL Connect 2012 conference will be held as part of Oracle OpenWorld in San Francisco. MySQL Connect is a two day event that allows attendees to focus on MySQL at a technical depth with presentations and interaction with many of the MySQL developers, engineers and other knowledgeable staff. There is also a range a international speakers to give broader knowledge to the presentations.

I am presenting a Hands-On Lab on Sunday 30th September 16:15 - 17:15 entitled HOL10474 - MySQL Security:

  [Read more...]
Linus on Instantiation and Armadaification
+0 Vote Up -1Vote Down

I feel a sense of pride when I think that I was involved in the development and maintenance of what was probably the first piece of software accepted into Debian which then had and still has direct up-stream support from Microsoft. The world is a better place for having Microsoft in it. The first operating system I ever ran on an 08086-based CPU was MS-DOS 2.x. I remember how thrilled I was when we got to see how my friend’s 80286 system ran BBS software that would cause a modem to dial a local system and display the application as if it were running on a local machine. Totally sweet.

When we were living at 6162 NE Middle in the nine-eight 292, we got an 80386 which ran Doom. Yeah, the original one, not the fancy new one with the double barrel shotgun, but it would probably run that one, too.

  [Read more...]
The blog was down yesterday
+0 Vote Up -0Vote Down

The brief outage was due to a scheduled move of the servers to a separate rack and subnet dedicated to our work with the Center for Information Assurance & Cybersecurity (ciac) at the University of Washington Bothell (uwb), and a11y.com

I am currently exercising the new (to us) equipment and hope to winnow the less than awesome equipment over the next quarter. I spent the last six months finding the best in breed of the surplussed DL385 and DL380 chassis we (work) were going to have recycled. The team and I were able to find enough equipment to bring up one of each with eight and six gigs of memory, respectively. These will make excellent hypervisors for provisioning embedded instances of Slackware, Fedora, RHEL, CentOS, Debian, FreeBSD, OpenSolaris, OpenIndiana, FreeDOS, etc.

When I initially configured this xen paravirt environment, I failed to plan for integration with libvirt, so I am

  [Read more...]
NIST::NVD::Store::SQLite3 1.00.00
+0 Vote Up -0Vote Down

It’s been released. Use this with NIST::NVD 1.00.00 and you will be able to perform immediate look-ups of CVE and CWE data given a CPE URN. For instance:

cjac@foxtrot:/usr/src/git/f5/NIST-NVD-Store-SQLite3$ perl Makefile.PL ; make ; make test ; cjac@foxtrot:/usr/src/git/f5/NIST-NVD-Store-SQLite3$ perl -MNIST::NVD::Query -MData::Dumper -e '
$q = NIST::NVD::Query->new(store    => q{SQLite3},database => q{t/data/nvdcve-2.0.db});
$cve_list = $q->cve_for_cpe( cpe => q{cpe:/a:microsoft:ie:7.0.5730.11} );
print Data::Dumper::Dumper { cve_list => $cve_list, first_cvss => $q->cve( cve_id => $cve_list->[0] )->{q{vuln:cvss}} }
'
$VAR1 = {
          'cve_list' => [
                          'CVE-2002-2435',
                          'CVE-2010-5071'
                        ],
          'first_cvss' => {
  [Read more...]
NIST::NVD 1.00.00
+0 Vote Up -0Vote Down

I’m leaving myself some room for bug fixes. It works for us in house. I would love to help others to give it a try. especially those who could benefit from making nearly immediately answered queries to the NIST’s NVD database.

The code in this release cannot by itself track the feed from the feds in real time. The nvd entry loader needs a little bit of love in the area of record merging before this starts working. It’s on my TODO list.

I’m sorry for the outage of git.colliertech.org. I’ll get that back up here shortly. In the meantime, feel free to grab it from this location while the CPAN indexes and processes my submission.

http://www.colliertech.org/federal/NIST/NIST-NVD-1.00.00.tar.bz2

don’t forget to check the cryptographic signature:

  [Read more...]
It’s Time to Take Action – GreenSQL 2.1.4 Is Now Available
+0 Vote Up -1Vote Down

The GreenSQL Unified Database Security solution is proceeding at a rapid pace. We are pleased to announce that our latest release, GreenSQL 2.1.4, is available for immediate download.

The GreenSQL Unified Solution features Security, Auditing, Masking and Performance for databases  in one suite, ensuring that databases are protected from internal and external threats in real-time, while improving performance and facilitating database security policy compliance.

Download any GreenSQL package and get GreenSQL’s Enterprise Edition functionality for an evaluation period of 14 days. 

Read more: 

  [Read more...]
Pythian Offers Customized Training/Consulting Package
+1 Vote Up -0Vote Down

Yesterday, The Pythian Group issued a press release about my book, Pythian’s partnership with Sun, and our new “MySQL Adoption Accelerator Package”. I am not a marketing guru, but I can tell you what we the package means in terms of new work that the MySQL teams have been doing.

Basically, the MySQL Adoption Accelerator Package combines customized training with a comprehensive audit of systems. The name “Adoption Accelerator” makes it sound like it’s only for new applications that are almost ready to go live. What the program actually does is have us evaluate your systems, and intensively train you in the areas you want and need. The program is designed to suit all your needs, whether it’s teaching you about one topic (say, query optimization) or an entire range of topics, from Architecture to

  [Read more...]
Performance Monitoring, Tuning & Auditing in MySQL® 5.1 - A GUI Approach - PART 1
+0 Vote Up -0Vote Down

Revision: 8 - Last Update: September 03 2008

This is the first part of a series of short articles with a how-to approach about MySQL® Performance Monitoring, Tuning & Auditing. We will see the question from a GUI prospective. In particular we will describe which monitoring-oriented features HoneyMonitor, a GUI for MySQL® currently in alpha development, implements.

I will explain how HoneyMonitor let you

  • install an audit database on your server, without the need of using 3th Party Agents nor using remote repository databases
  • enable the auditing and start monitoring your server
  • tuning your server changing a few suggested list of variables to get better performance.
  • We will use only the 5.1.x series of the Server as we use some Scheduled Events and the

      [Read more...]
    Showing entries 1 to 10 of 11 1 Older Entries

    Planet MySQL © 1995, 2014, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

    Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.